1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh_config.5,v 1.366 2021/09/25 09:40:33 kn Exp $ 37.Dd $Mdocdate: September 25 2021 $ 38.Dt SSH_CONFIG 5 39.Os 40.Sh NAME 41.Nm ssh_config 42.Nd OpenSSH client configuration file 43.Sh DESCRIPTION 44.Xr ssh 1 45obtains configuration data from the following sources in 46the following order: 47.Pp 48.Bl -enum -offset indent -compact 49.It 50command-line options 51.It 52user's configuration file 53.Pq Pa ~/.ssh/config 54.It 55system-wide configuration file 56.Pq Pa /etc/ssh/ssh_config 57.El 58.Pp 59For each parameter, the first obtained value 60will be used. 61The configuration files contain sections separated by 62.Cm Host 63specifications, and that section is only applied for hosts that 64match one of the patterns given in the specification. 65The matched host name is usually the one given on the command line 66(see the 67.Cm CanonicalizeHostname 68option for exceptions). 69.Pp 70Since the first obtained value for each parameter is used, more 71host-specific declarations should be given near the beginning of the 72file, and general defaults at the end. 73.Pp 74The file contains keyword-argument pairs, one per line. 75Lines starting with 76.Ql # 77and empty lines are interpreted as comments. 78Arguments may optionally be enclosed in double quotes 79.Pq \&" 80in order to represent arguments containing spaces. 81Configuration options may be separated by whitespace or 82optional whitespace and exactly one 83.Ql = ; 84the latter format is useful to avoid the need to quote whitespace 85when specifying configuration options using the 86.Nm ssh , 87.Nm scp , 88and 89.Nm sftp 90.Fl o 91option. 92.Pp 93The possible 94keywords and their meanings are as follows (note that 95keywords are case-insensitive and arguments are case-sensitive): 96.Bl -tag -width Ds 97.It Cm Host 98Restricts the following declarations (up to the next 99.Cm Host 100or 101.Cm Match 102keyword) to be only for those hosts that match one of the patterns 103given after the keyword. 104If more than one pattern is provided, they should be separated by whitespace. 105A single 106.Ql * 107as a pattern can be used to provide global 108defaults for all hosts. 109The host is usually the 110.Ar hostname 111argument given on the command line 112(see the 113.Cm CanonicalizeHostname 114keyword for exceptions). 115.Pp 116A pattern entry may be negated by prefixing it with an exclamation mark 117.Pq Sq !\& . 118If a negated entry is matched, then the 119.Cm Host 120entry is ignored, regardless of whether any other patterns on the line 121match. 122Negated matches are therefore useful to provide exceptions for wildcard 123matches. 124.Pp 125See 126.Sx PATTERNS 127for more information on patterns. 128.It Cm Match 129Restricts the following declarations (up to the next 130.Cm Host 131or 132.Cm Match 133keyword) to be used only when the conditions following the 134.Cm Match 135keyword are satisfied. 136Match conditions are specified using one or more criteria 137or the single token 138.Cm all 139which always matches. 140The available criteria keywords are: 141.Cm canonical , 142.Cm final , 143.Cm exec , 144.Cm host , 145.Cm originalhost , 146.Cm user , 147and 148.Cm localuser . 149The 150.Cm all 151criteria must appear alone or immediately after 152.Cm canonical 153or 154.Cm final . 155Other criteria may be combined arbitrarily. 156All criteria but 157.Cm all , 158.Cm canonical , 159and 160.Cm final 161require an argument. 162Criteria may be negated by prepending an exclamation mark 163.Pq Sq !\& . 164.Pp 165The 166.Cm canonical 167keyword matches only when the configuration file is being re-parsed 168after hostname canonicalization (see the 169.Cm CanonicalizeHostname 170option). 171This may be useful to specify conditions that work with canonical host 172names only. 173.Pp 174The 175.Cm final 176keyword requests that the configuration be re-parsed (regardless of whether 177.Cm CanonicalizeHostname 178is enabled), and matches only during this final pass. 179If 180.Cm CanonicalizeHostname 181is enabled, then 182.Cm canonical 183and 184.Cm final 185match during the same pass. 186.Pp 187The 188.Cm exec 189keyword executes the specified command under the user's shell. 190If the command returns a zero exit status then the condition is considered true. 191Commands containing whitespace characters must be quoted. 192Arguments to 193.Cm exec 194accept the tokens described in the 195.Sx TOKENS 196section. 197.Pp 198The other keywords' criteria must be single entries or comma-separated 199lists and may use the wildcard and negation operators described in the 200.Sx PATTERNS 201section. 202The criteria for the 203.Cm host 204keyword are matched against the target hostname, after any substitution 205by the 206.Cm Hostname 207or 208.Cm CanonicalizeHostname 209options. 210The 211.Cm originalhost 212keyword matches against the hostname as it was specified on the command-line. 213The 214.Cm user 215keyword matches against the target username on the remote host. 216The 217.Cm localuser 218keyword matches against the name of the local user running 219.Xr ssh 1 220(this keyword may be useful in system-wide 221.Nm 222files). 223.It Cm AddKeysToAgent 224Specifies whether keys should be automatically added to a running 225.Xr ssh-agent 1 . 226If this option is set to 227.Cm yes 228and a key is loaded from a file, the key and its passphrase are added to 229the agent with the default lifetime, as if by 230.Xr ssh-add 1 . 231If this option is set to 232.Cm ask , 233.Xr ssh 1 234will require confirmation using the 235.Ev SSH_ASKPASS 236program before adding a key (see 237.Xr ssh-add 1 238for details). 239If this option is set to 240.Cm confirm , 241each use of the key must be confirmed, as if the 242.Fl c 243option was specified to 244.Xr ssh-add 1 . 245If this option is set to 246.Cm no , 247no keys are added to the agent. 248Alternately, this option may be specified as a time interval 249using the format described in the 250.Sx TIME FORMATS 251section of 252.Xr sshd_config 5 253to specify the key's lifetime in 254.Xr ssh-agent 1 , 255after which it will automatically be removed. 256The argument must be 257.Cm no 258(the default), 259.Cm yes , 260.Cm confirm 261(optionally followed by a time interval), 262.Cm ask 263or a time interval. 264.It Cm AddressFamily 265Specifies which address family to use when connecting. 266Valid arguments are 267.Cm any 268(the default), 269.Cm inet 270(use IPv4 only), or 271.Cm inet6 272(use IPv6 only). 273.It Cm BatchMode 274If set to 275.Cm yes , 276user interaction such as password prompts and host key confirmation requests 277will be disabled. 278This option is useful in scripts and other batch jobs where no user 279is present to interact with 280.Xr ssh 1 . 281The argument must be 282.Cm yes 283or 284.Cm no 285(the default). 286.It Cm BindAddress 287Use the specified address on the local machine as the source address of 288the connection. 289Only useful on systems with more than one address. 290.It Cm BindInterface 291Use the address of the specified interface on the local machine as the 292source address of the connection. 293.It Cm CanonicalDomains 294When 295.Cm CanonicalizeHostname 296is enabled, this option specifies the list of domain suffixes in which to 297search for the specified destination host. 298.It Cm CanonicalizeFallbackLocal 299Specifies whether to fail with an error when hostname canonicalization fails. 300The default, 301.Cm yes , 302will attempt to look up the unqualified hostname using the system resolver's 303search rules. 304A value of 305.Cm no 306will cause 307.Xr ssh 1 308to fail instantly if 309.Cm CanonicalizeHostname 310is enabled and the target hostname cannot be found in any of the domains 311specified by 312.Cm CanonicalDomains . 313.It Cm CanonicalizeHostname 314Controls whether explicit hostname canonicalization is performed. 315The default, 316.Cm no , 317is not to perform any name rewriting and let the system resolver handle all 318hostname lookups. 319If set to 320.Cm yes 321then, for connections that do not use a 322.Cm ProxyCommand 323or 324.Cm ProxyJump , 325.Xr ssh 1 326will attempt to canonicalize the hostname specified on the command line 327using the 328.Cm CanonicalDomains 329suffixes and 330.Cm CanonicalizePermittedCNAMEs 331rules. 332If 333.Cm CanonicalizeHostname 334is set to 335.Cm always , 336then canonicalization is applied to proxied connections too. 337.Pp 338If this option is enabled, then the configuration files are processed 339again using the new target name to pick up any new configuration in matching 340.Cm Host 341and 342.Cm Match 343stanzas. 344A value of 345.Cm none 346disables the use of a 347.Cm ProxyJump 348host. 349.It Cm CanonicalizeMaxDots 350Specifies the maximum number of dot characters in a hostname before 351canonicalization is disabled. 352The default, 1, 353allows a single dot (i.e. hostname.subdomain). 354.It Cm CanonicalizePermittedCNAMEs 355Specifies rules to determine whether CNAMEs should be followed when 356canonicalizing hostnames. 357The rules consist of one or more arguments of 358.Ar source_domain_list : Ns Ar target_domain_list , 359where 360.Ar source_domain_list 361is a pattern-list of domains that may follow CNAMEs in canonicalization, 362and 363.Ar target_domain_list 364is a pattern-list of domains that they may resolve to. 365.Pp 366For example, 367.Qq *.a.example.com:*.b.example.com,*.c.example.com 368will allow hostnames matching 369.Qq *.a.example.com 370to be canonicalized to names in the 371.Qq *.b.example.com 372or 373.Qq *.c.example.com 374domains. 375.Pp 376A single argument of 377.Qq none 378causes no CNAMEs to be considered for canonicalization. 379This is the default behaviour. 380.It Cm CASignatureAlgorithms 381Specifies which algorithms are allowed for signing of certificates 382by certificate authorities (CAs). 383The default is: 384.Bd -literal -offset indent 385ssh-ed25519,ecdsa-sha2-nistp256, 386ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 387sk-ssh-ed25519@openssh.com, 388sk-ecdsa-sha2-nistp256@openssh.com, 389rsa-sha2-512,rsa-sha2-256 390.Ed 391.Pp 392If the specified list begins with a 393.Sq + 394character, then the specified algorithms will be appended to the default set 395instead of replacing them. 396If the specified list begins with a 397.Sq - 398character, then the specified algorithms (including wildcards) will be removed 399from the default set instead of replacing them. 400.Pp 401.Xr ssh 1 402will not accept host certificates signed using algorithms other than those 403specified. 404.It Cm CertificateFile 405Specifies a file from which the user's certificate is read. 406A corresponding private key must be provided separately in order 407to use this certificate either 408from an 409.Cm IdentityFile 410directive or 411.Fl i 412flag to 413.Xr ssh 1 , 414via 415.Xr ssh-agent 1 , 416or via a 417.Cm PKCS11Provider 418or 419.Cm SecurityKeyProvider . 420.Pp 421Arguments to 422.Cm CertificateFile 423may use the tilde syntax to refer to a user's home directory, 424the tokens described in the 425.Sx TOKENS 426section and environment variables as described in the 427.Sx ENVIRONMENT VARIABLES 428section. 429.Pp 430It is possible to have multiple certificate files specified in 431configuration files; these certificates will be tried in sequence. 432Multiple 433.Cm CertificateFile 434directives will add to the list of certificates used for 435authentication. 436.It Cm CheckHostIP 437If set to 438.Cm yes 439.Xr ssh 1 440will additionally check the host IP address in the 441.Pa known_hosts 442file. 443This allows it to detect if a host key changed due to DNS spoofing 444and will add addresses of destination hosts to 445.Pa ~/.ssh/known_hosts 446in the process, regardless of the setting of 447.Cm StrictHostKeyChecking . 448If the option is set to 449.Cm no 450(the default), 451the check will not be executed. 452.It Cm Ciphers 453Specifies the ciphers allowed and their order of preference. 454Multiple ciphers must be comma-separated. 455If the specified list begins with a 456.Sq + 457character, then the specified ciphers will be appended to the default set 458instead of replacing them. 459If the specified list begins with a 460.Sq - 461character, then the specified ciphers (including wildcards) will be removed 462from the default set instead of replacing them. 463If the specified list begins with a 464.Sq ^ 465character, then the specified ciphers will be placed at the head of the 466default set. 467.Pp 468The supported ciphers are: 469.Bd -literal -offset indent 4703des-cbc 471aes128-cbc 472aes192-cbc 473aes256-cbc 474aes128-ctr 475aes192-ctr 476aes256-ctr 477aes128-gcm@openssh.com 478aes256-gcm@openssh.com 479chacha20-poly1305@openssh.com 480.Ed 481.Pp 482The default is: 483.Bd -literal -offset indent 484chacha20-poly1305@openssh.com, 485aes128-ctr,aes192-ctr,aes256-ctr, 486aes128-gcm@openssh.com,aes256-gcm@openssh.com 487.Ed 488.Pp 489The list of available ciphers may also be obtained using 490.Qq ssh -Q cipher . 491.It Cm ClearAllForwardings 492Specifies that all local, remote, and dynamic port forwardings 493specified in the configuration files or on the command line be 494cleared. 495This option is primarily useful when used from the 496.Xr ssh 1 497command line to clear port forwardings set in 498configuration files, and is automatically set by 499.Xr scp 1 500and 501.Xr sftp 1 . 502The argument must be 503.Cm yes 504or 505.Cm no 506(the default). 507.It Cm Compression 508Specifies whether to use compression. 509The argument must be 510.Cm yes 511or 512.Cm no 513(the default). 514.It Cm ConnectionAttempts 515Specifies the number of tries (one per second) to make before exiting. 516The argument must be an integer. 517This may be useful in scripts if the connection sometimes fails. 518The default is 1. 519.It Cm ConnectTimeout 520Specifies the timeout (in seconds) used when connecting to the 521SSH server, instead of using the default system TCP timeout. 522This timeout is applied both to establishing the connection and to performing 523the initial SSH protocol handshake and key exchange. 524.It Cm ControlMaster 525Enables the sharing of multiple sessions over a single network connection. 526When set to 527.Cm yes , 528.Xr ssh 1 529will listen for connections on a control socket specified using the 530.Cm ControlPath 531argument. 532Additional sessions can connect to this socket using the same 533.Cm ControlPath 534with 535.Cm ControlMaster 536set to 537.Cm no 538(the default). 539These sessions will try to reuse the master instance's network connection 540rather than initiating new ones, but will fall back to connecting normally 541if the control socket does not exist, or is not listening. 542.Pp 543Setting this to 544.Cm ask 545will cause 546.Xr ssh 1 547to listen for control connections, but require confirmation using 548.Xr ssh-askpass 1 . 549If the 550.Cm ControlPath 551cannot be opened, 552.Xr ssh 1 553will continue without connecting to a master instance. 554.Pp 555X11 and 556.Xr ssh-agent 1 557forwarding is supported over these multiplexed connections, however the 558display and agent forwarded will be the one belonging to the master 559connection i.e. it is not possible to forward multiple displays or agents. 560.Pp 561Two additional options allow for opportunistic multiplexing: try to use a 562master connection but fall back to creating a new one if one does not already 563exist. 564These options are: 565.Cm auto 566and 567.Cm autoask . 568The latter requires confirmation like the 569.Cm ask 570option. 571.It Cm ControlPath 572Specify the path to the control socket used for connection sharing as described 573in the 574.Cm ControlMaster 575section above or the string 576.Cm none 577to disable connection sharing. 578Arguments to 579.Cm ControlPath 580may use the tilde syntax to refer to a user's home directory, 581the tokens described in the 582.Sx TOKENS 583section and environment variables as described in the 584.Sx ENVIRONMENT VARIABLES 585section. 586It is recommended that any 587.Cm ControlPath 588used for opportunistic connection sharing include 589at least %h, %p, and %r (or alternatively %C) and be placed in a directory 590that is not writable by other users. 591This ensures that shared connections are uniquely identified. 592.It Cm ControlPersist 593When used in conjunction with 594.Cm ControlMaster , 595specifies that the master connection should remain open 596in the background (waiting for future client connections) 597after the initial client connection has been closed. 598If set to 599.Cm no 600(the default), 601then the master connection will not be placed into the background, 602and will close as soon as the initial client connection is closed. 603If set to 604.Cm yes 605or 0, 606then the master connection will remain in the background indefinitely 607(until killed or closed via a mechanism such as the 608.Qq ssh -O exit ) . 609If set to a time in seconds, or a time in any of the formats documented in 610.Xr sshd_config 5 , 611then the backgrounded master connection will automatically terminate 612after it has remained idle (with no client connections) for the 613specified time. 614.It Cm DynamicForward 615Specifies that a TCP port on the local machine be forwarded 616over the secure channel, and the application 617protocol is then used to determine where to connect to from the 618remote machine. 619.Pp 620The argument must be 621.Sm off 622.Oo Ar bind_address : Oc Ar port . 623.Sm on 624IPv6 addresses can be specified by enclosing addresses in square brackets. 625By default, the local port is bound in accordance with the 626.Cm GatewayPorts 627setting. 628However, an explicit 629.Ar bind_address 630may be used to bind the connection to a specific address. 631The 632.Ar bind_address 633of 634.Cm localhost 635indicates that the listening port be bound for local use only, while an 636empty address or 637.Sq * 638indicates that the port should be available from all interfaces. 639.Pp 640Currently the SOCKS4 and SOCKS5 protocols are supported, and 641.Xr ssh 1 642will act as a SOCKS server. 643Multiple forwardings may be specified, and 644additional forwardings can be given on the command line. 645Only the superuser can forward privileged ports. 646.It Cm EnableSSHKeysign 647Setting this option to 648.Cm yes 649in the global client configuration file 650.Pa /etc/ssh/ssh_config 651enables the use of the helper program 652.Xr ssh-keysign 8 653during 654.Cm HostbasedAuthentication . 655The argument must be 656.Cm yes 657or 658.Cm no 659(the default). 660This option should be placed in the non-hostspecific section. 661See 662.Xr ssh-keysign 8 663for more information. 664.It Cm EscapeChar 665Sets the escape character (default: 666.Ql ~ ) . 667The escape character can also 668be set on the command line. 669The argument should be a single character, 670.Ql ^ 671followed by a letter, or 672.Cm none 673to disable the escape 674character entirely (making the connection transparent for binary 675data). 676.It Cm ExitOnForwardFailure 677Specifies whether 678.Xr ssh 1 679should terminate the connection if it cannot set up all requested 680dynamic, tunnel, local, and remote port forwardings, (e.g.\& 681if either end is unable to bind and listen on a specified port). 682Note that 683.Cm ExitOnForwardFailure 684does not apply to connections made over port forwardings and will not, 685for example, cause 686.Xr ssh 1 687to exit if TCP connections to the ultimate forwarding destination fail. 688The argument must be 689.Cm yes 690or 691.Cm no 692(the default). 693.It Cm FingerprintHash 694Specifies the hash algorithm used when displaying key fingerprints. 695Valid options are: 696.Cm md5 697and 698.Cm sha256 699(the default). 700.It Cm ForkAfterAuthentication 701Requests 702.Nm ssh 703to go to background just before command execution. 704This is useful if 705.Nm ssh 706is going to ask for passwords or passphrases, but the user 707wants it in the background. 708This implies the 709.Cm StdinNull 710configuration option being set to 711.Dq yes . 712The recommended way to start X11 programs at a remote site is with 713something like 714.Ic ssh -f host xterm , 715which is the same as 716.Ic ssh host xterm 717if the 718.Cm ForkAfterAuthentication 719configuration option is set to 720.Dq yes . 721.Pp 722If the 723.Cm ExitOnForwardFailure 724configuration option is set to 725.Dq yes , 726then a client started with the 727.Cm ForkAfterAuthentication 728configuration option being set to 729.Dq yes 730will wait for all remote port forwards to be successfully established 731before placing itself in the background. 732The argument to this keyword must be 733.Cm yes 734(same as the 735.Fl f 736option) or 737.Cm no 738(the default). 739.It Cm ForwardAgent 740Specifies whether the connection to the authentication agent (if any) 741will be forwarded to the remote machine. 742The argument may be 743.Cm yes , 744.Cm no 745(the default), 746an explicit path to an agent socket or the name of an environment variable 747(beginning with 748.Sq $ ) 749in which to find the path. 750.Pp 751Agent forwarding should be enabled with caution. 752Users with the ability to bypass file permissions on the remote host 753(for the agent's Unix-domain socket) 754can access the local agent through the forwarded connection. 755An attacker cannot obtain key material from the agent, 756however they can perform operations on the keys that enable them to 757authenticate using the identities loaded into the agent. 758.It Cm ForwardX11 759Specifies whether X11 connections will be automatically redirected 760over the secure channel and 761.Ev DISPLAY 762set. 763The argument must be 764.Cm yes 765or 766.Cm no 767(the default). 768.Pp 769X11 forwarding should be enabled with caution. 770Users with the ability to bypass file permissions on the remote host 771(for the user's X11 authorization database) 772can access the local X11 display through the forwarded connection. 773An attacker may then be able to perform activities such as keystroke monitoring 774if the 775.Cm ForwardX11Trusted 776option is also enabled. 777.It Cm ForwardX11Timeout 778Specify a timeout for untrusted X11 forwarding 779using the format described in the 780.Sx TIME FORMATS 781section of 782.Xr sshd_config 5 . 783X11 connections received by 784.Xr ssh 1 785after this time will be refused. 786Setting 787.Cm ForwardX11Timeout 788to zero will disable the timeout and permit X11 forwarding for the life 789of the connection. 790The default is to disable untrusted X11 forwarding after twenty minutes has 791elapsed. 792.It Cm ForwardX11Trusted 793If this option is set to 794.Cm yes , 795remote X11 clients will have full access to the original X11 display. 796.Pp 797If this option is set to 798.Cm no 799(the default), 800remote X11 clients will be considered untrusted and prevented 801from stealing or tampering with data belonging to trusted X11 802clients. 803Furthermore, the 804.Xr xauth 1 805token used for the session will be set to expire after 20 minutes. 806Remote clients will be refused access after this time. 807.Pp 808See the X11 SECURITY extension specification for full details on 809the restrictions imposed on untrusted clients. 810.It Cm GatewayPorts 811Specifies whether remote hosts are allowed to connect to local 812forwarded ports. 813By default, 814.Xr ssh 1 815binds local port forwardings to the loopback address. 816This prevents other remote hosts from connecting to forwarded ports. 817.Cm GatewayPorts 818can be used to specify that ssh 819should bind local port forwardings to the wildcard address, 820thus allowing remote hosts to connect to forwarded ports. 821The argument must be 822.Cm yes 823or 824.Cm no 825(the default). 826.It Cm GlobalKnownHostsFile 827Specifies one or more files to use for the global 828host key database, separated by whitespace. 829The default is 830.Pa /etc/ssh/ssh_known_hosts , 831.Pa /etc/ssh/ssh_known_hosts2 . 832.It Cm GSSAPIAuthentication 833Specifies whether user authentication based on GSSAPI is allowed. 834The default is 835.Cm no . 836.It Cm GSSAPIDelegateCredentials 837Forward (delegate) credentials to the server. 838The default is 839.Cm no . 840.It Cm HashKnownHosts 841Indicates that 842.Xr ssh 1 843should hash host names and addresses when they are added to 844.Pa ~/.ssh/known_hosts . 845These hashed names may be used normally by 846.Xr ssh 1 847and 848.Xr sshd 8 , 849but they do not visually reveal identifying information if the 850file's contents are disclosed. 851The default is 852.Cm no . 853Note that existing names and addresses in known hosts files 854will not be converted automatically, 855but may be manually hashed using 856.Xr ssh-keygen 1 . 857.It Cm HostbasedAcceptedAlgorithms 858Specifies the signature algorithms that will be used for hostbased 859authentication as a comma-separated list of patterns. 860Alternately if the specified list begins with a 861.Sq + 862character, then the specified signature algorithms will be appended 863to the default set instead of replacing them. 864If the specified list begins with a 865.Sq - 866character, then the specified signature algorithms (including wildcards) 867will be removed from the default set instead of replacing them. 868If the specified list begins with a 869.Sq ^ 870character, then the specified signature algorithms will be placed 871at the head of the default set. 872The default for this option is: 873.Bd -literal -offset 3n 874ssh-ed25519-cert-v01@openssh.com, 875ecdsa-sha2-nistp256-cert-v01@openssh.com, 876ecdsa-sha2-nistp384-cert-v01@openssh.com, 877ecdsa-sha2-nistp521-cert-v01@openssh.com, 878sk-ssh-ed25519-cert-v01@openssh.com, 879sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 880rsa-sha2-512-cert-v01@openssh.com, 881rsa-sha2-256-cert-v01@openssh.com, 882ssh-ed25519, 883ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 884sk-ssh-ed25519@openssh.com, 885sk-ecdsa-sha2-nistp256@openssh.com, 886rsa-sha2-512,rsa-sha2-256 887.Ed 888.Pp 889The 890.Fl Q 891option of 892.Xr ssh 1 893may be used to list supported signature algorithms. 894This was formerly named HostbasedKeyTypes. 895.It Cm HostbasedAuthentication 896Specifies whether to try rhosts based authentication with public key 897authentication. 898The argument must be 899.Cm yes 900or 901.Cm no 902(the default). 903.It Cm HostKeyAlgorithms 904Specifies the host key signature algorithms 905that the client wants to use in order of preference. 906Alternately if the specified list begins with a 907.Sq + 908character, then the specified signature algorithms will be appended to 909the default set instead of replacing them. 910If the specified list begins with a 911.Sq - 912character, then the specified signature algorithms (including wildcards) 913will be removed from the default set instead of replacing them. 914If the specified list begins with a 915.Sq ^ 916character, then the specified signature algorithms will be placed 917at the head of the default set. 918The default for this option is: 919.Bd -literal -offset 3n 920ssh-ed25519-cert-v01@openssh.com, 921ecdsa-sha2-nistp256-cert-v01@openssh.com, 922ecdsa-sha2-nistp384-cert-v01@openssh.com, 923ecdsa-sha2-nistp521-cert-v01@openssh.com, 924sk-ssh-ed25519-cert-v01@openssh.com, 925sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 926rsa-sha2-512-cert-v01@openssh.com, 927rsa-sha2-256-cert-v01@openssh.com, 928ssh-ed25519, 929ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 930sk-ecdsa-sha2-nistp256@openssh.com, 931sk-ssh-ed25519@openssh.com, 932rsa-sha2-512,rsa-sha2-256 933.Ed 934.Pp 935If hostkeys are known for the destination host then this default is modified 936to prefer their algorithms. 937.Pp 938The list of available signature algorithms may also be obtained using 939.Qq ssh -Q HostKeyAlgorithms . 940.It Cm HostKeyAlias 941Specifies an alias that should be used instead of the 942real host name when looking up or saving the host key 943in the host key database files and when validating host certificates. 944This option is useful for tunneling SSH connections 945or for multiple servers running on a single host. 946.It Cm Hostname 947Specifies the real host name to log into. 948This can be used to specify nicknames or abbreviations for hosts. 949Arguments to 950.Cm Hostname 951accept the tokens described in the 952.Sx TOKENS 953section. 954Numeric IP addresses are also permitted (both on the command line and in 955.Cm Hostname 956specifications). 957The default is the name given on the command line. 958.It Cm IdentitiesOnly 959Specifies that 960.Xr ssh 1 961should only use the configured authentication identity and certificate files 962(either the default files, or those explicitly configured in the 963.Nm 964files 965or passed on the 966.Xr ssh 1 967command-line), 968even if 969.Xr ssh-agent 1 970or a 971.Cm PKCS11Provider 972or 973.Cm SecurityKeyProvider 974offers more identities. 975The argument to this keyword must be 976.Cm yes 977or 978.Cm no 979(the default). 980This option is intended for situations where ssh-agent 981offers many different identities. 982.It Cm IdentityAgent 983Specifies the 984.Ux Ns -domain 985socket used to communicate with the authentication agent. 986.Pp 987This option overrides the 988.Ev SSH_AUTH_SOCK 989environment variable and can be used to select a specific agent. 990Setting the socket name to 991.Cm none 992disables the use of an authentication agent. 993If the string 994.Qq SSH_AUTH_SOCK 995is specified, the location of the socket will be read from the 996.Ev SSH_AUTH_SOCK 997environment variable. 998Otherwise if the specified value begins with a 999.Sq $ 1000character, then it will be treated as an environment variable containing 1001the location of the socket. 1002.Pp 1003Arguments to 1004.Cm IdentityAgent 1005may use the tilde syntax to refer to a user's home directory, 1006the tokens described in the 1007.Sx TOKENS 1008section and environment variables as described in the 1009.Sx ENVIRONMENT VARIABLES 1010section. 1011.It Cm IdentityFile 1012Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, 1013Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. 1014The default is 1015.Pa ~/.ssh/id_dsa , 1016.Pa ~/.ssh/id_ecdsa , 1017.Pa ~/.ssh/id_ecdsa_sk , 1018.Pa ~/.ssh/id_ed25519 , 1019.Pa ~/.ssh/id_ed25519_sk 1020and 1021.Pa ~/.ssh/id_rsa . 1022Additionally, any identities represented by the authentication agent 1023will be used for authentication unless 1024.Cm IdentitiesOnly 1025is set. 1026If no certificates have been explicitly specified by 1027.Cm CertificateFile , 1028.Xr ssh 1 1029will try to load certificate information from the filename obtained by 1030appending 1031.Pa -cert.pub 1032to the path of a specified 1033.Cm IdentityFile . 1034.Pp 1035Arguments to 1036.Cm IdentityFile 1037may use the tilde syntax to refer to a user's home directory 1038or the tokens described in the 1039.Sx TOKENS 1040section. 1041.Pp 1042It is possible to have 1043multiple identity files specified in configuration files; all these 1044identities will be tried in sequence. 1045Multiple 1046.Cm IdentityFile 1047directives will add to the list of identities tried (this behaviour 1048differs from that of other configuration directives). 1049.Pp 1050.Cm IdentityFile 1051may be used in conjunction with 1052.Cm IdentitiesOnly 1053to select which identities in an agent are offered during authentication. 1054.Cm IdentityFile 1055may also be used in conjunction with 1056.Cm CertificateFile 1057in order to provide any certificate also needed for authentication with 1058the identity. 1059.It Cm IgnoreUnknown 1060Specifies a pattern-list of unknown options to be ignored if they are 1061encountered in configuration parsing. 1062This may be used to suppress errors if 1063.Nm 1064contains options that are unrecognised by 1065.Xr ssh 1 . 1066It is recommended that 1067.Cm IgnoreUnknown 1068be listed early in the configuration file as it will not be applied 1069to unknown options that appear before it. 1070.It Cm Include 1071Include the specified configuration file(s). 1072Multiple pathnames may be specified and each pathname may contain 1073.Xr glob 7 1074wildcards and, for user configurations, shell-like 1075.Sq ~ 1076references to user home directories. 1077Wildcards will be expanded and processed in lexical order. 1078Files without absolute paths are assumed to be in 1079.Pa ~/.ssh 1080if included in a user configuration file or 1081.Pa /etc/ssh 1082if included from the system configuration file. 1083.Cm Include 1084directive may appear inside a 1085.Cm Match 1086or 1087.Cm Host 1088block 1089to perform conditional inclusion. 1090.It Cm IPQoS 1091Specifies the IPv4 type-of-service or DSCP class for connections. 1092Accepted values are 1093.Cm af11 , 1094.Cm af12 , 1095.Cm af13 , 1096.Cm af21 , 1097.Cm af22 , 1098.Cm af23 , 1099.Cm af31 , 1100.Cm af32 , 1101.Cm af33 , 1102.Cm af41 , 1103.Cm af42 , 1104.Cm af43 , 1105.Cm cs0 , 1106.Cm cs1 , 1107.Cm cs2 , 1108.Cm cs3 , 1109.Cm cs4 , 1110.Cm cs5 , 1111.Cm cs6 , 1112.Cm cs7 , 1113.Cm ef , 1114.Cm le , 1115.Cm lowdelay , 1116.Cm throughput , 1117.Cm reliability , 1118a numeric value, or 1119.Cm none 1120to use the operating system default. 1121This option may take one or two arguments, separated by whitespace. 1122If one argument is specified, it is used as the packet class unconditionally. 1123If two values are specified, the first is automatically selected for 1124interactive sessions and the second for non-interactive sessions. 1125The default is 1126.Cm af21 1127(Low-Latency Data) 1128for interactive sessions and 1129.Cm cs1 1130(Lower Effort) 1131for non-interactive sessions. 1132.It Cm KbdInteractiveAuthentication 1133Specifies whether to use keyboard-interactive authentication. 1134The argument to this keyword must be 1135.Cm yes 1136(the default) 1137or 1138.Cm no . 1139.Cm ChallengeResponseAuthentication 1140is a deprecated alias for this. 1141.It Cm KbdInteractiveDevices 1142Specifies the list of methods to use in keyboard-interactive authentication. 1143Multiple method names must be comma-separated. 1144The default is to use the server specified list. 1145The methods available vary depending on what the server supports. 1146For an OpenSSH server, 1147it may be zero or more of: 1148.Cm bsdauth 1149and 1150.Cm pam . 1151.It Cm KexAlgorithms 1152Specifies the available KEX (Key Exchange) algorithms. 1153Multiple algorithms must be comma-separated. 1154If the specified list begins with a 1155.Sq + 1156character, then the specified algorithms will be appended to the default set 1157instead of replacing them. 1158If the specified list begins with a 1159.Sq - 1160character, then the specified algorithms (including wildcards) will be removed 1161from the default set instead of replacing them. 1162If the specified list begins with a 1163.Sq ^ 1164character, then the specified algorithms will be placed at the head of the 1165default set. 1166The default is: 1167.Bd -literal -offset indent 1168curve25519-sha256,curve25519-sha256@libssh.org, 1169ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 1170diffie-hellman-group-exchange-sha256, 1171diffie-hellman-group16-sha512, 1172diffie-hellman-group18-sha512, 1173diffie-hellman-group14-sha256 1174.Ed 1175.Pp 1176The list of available key exchange algorithms may also be obtained using 1177.Qq ssh -Q kex . 1178.It Cm KnownHostsCommand 1179Specifies a command to use to obtain a list of host keys, in addition to 1180those listed in 1181.Cm UserKnownHostsFile 1182and 1183.Cm GlobalKnownHostsFile . 1184This command is executed after the files have been read. 1185It may write host key lines to standard output in identical format to the 1186usual files (described in the 1187.Sx VERIFYING HOST KEYS 1188section in 1189.Xr ssh 1 ) . 1190Arguments to 1191.Cm KnownHostsCommand 1192accept the tokens described in the 1193.Sx TOKENS 1194section. 1195The command may be invoked multiple times per connection: once when preparing 1196the preference list of host key algorithms to use, again to obtain the 1197host key for the requested host name and, if 1198.Cm CheckHostIP 1199is enabled, one more time to obtain the host key matching the server's 1200address. 1201If the command exits abnormally or returns a non-zero exit status then the 1202connection is terminated. 1203.It Cm LocalCommand 1204Specifies a command to execute on the local machine after successfully 1205connecting to the server. 1206The command string extends to the end of the line, and is executed with 1207the user's shell. 1208Arguments to 1209.Cm LocalCommand 1210accept the tokens described in the 1211.Sx TOKENS 1212section. 1213.Pp 1214The command is run synchronously and does not have access to the 1215session of the 1216.Xr ssh 1 1217that spawned it. 1218It should not be used for interactive commands. 1219.Pp 1220This directive is ignored unless 1221.Cm PermitLocalCommand 1222has been enabled. 1223.It Cm LocalForward 1224Specifies that a TCP port on the local machine be forwarded over 1225the secure channel to the specified host and port from the remote machine. 1226The first argument specifies the listener and may be 1227.Sm off 1228.Oo Ar bind_address : Oc Ar port 1229.Sm on 1230or a Unix domain socket path. 1231The second argument is the destination and may be 1232.Ar host : Ns Ar hostport 1233or a Unix domain socket path if the remote host supports it. 1234.Pp 1235IPv6 addresses can be specified by enclosing addresses in square brackets. 1236Multiple forwardings may be specified, and additional forwardings can be 1237given on the command line. 1238Only the superuser can forward privileged ports. 1239By default, the local port is bound in accordance with the 1240.Cm GatewayPorts 1241setting. 1242However, an explicit 1243.Ar bind_address 1244may be used to bind the connection to a specific address. 1245The 1246.Ar bind_address 1247of 1248.Cm localhost 1249indicates that the listening port be bound for local use only, while an 1250empty address or 1251.Sq * 1252indicates that the port should be available from all interfaces. 1253Unix domain socket paths may use the tokens described in the 1254.Sx TOKENS 1255section and environment variables as described in the 1256.Sx ENVIRONMENT VARIABLES 1257section. 1258.It Cm LogLevel 1259Gives the verbosity level that is used when logging messages from 1260.Xr ssh 1 . 1261The possible values are: 1262QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 1263The default is INFO. 1264DEBUG and DEBUG1 are equivalent. 1265DEBUG2 and DEBUG3 each specify higher levels of verbose output. 1266.It Cm LogVerbose 1267Specify one or more overrides to LogLevel. 1268An override consists of a pattern lists that matches the source file, function 1269and line number to force detailed logging for. 1270For example, an override pattern of: 1271.Bd -literal -offset indent 1272kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* 1273.Ed 1274.Pp 1275would enable detailed logging for line 1000 of 1276.Pa kex.c , 1277everything in the 1278.Fn kex_exchange_identification 1279function, and all code in the 1280.Pa packet.c 1281file. 1282This option is intended for debugging and no overrides are enabled by default. 1283.It Cm MACs 1284Specifies the MAC (message authentication code) algorithms 1285in order of preference. 1286The MAC algorithm is used for data integrity protection. 1287Multiple algorithms must be comma-separated. 1288If the specified list begins with a 1289.Sq + 1290character, then the specified algorithms will be appended to the default set 1291instead of replacing them. 1292If the specified list begins with a 1293.Sq - 1294character, then the specified algorithms (including wildcards) will be removed 1295from the default set instead of replacing them. 1296If the specified list begins with a 1297.Sq ^ 1298character, then the specified algorithms will be placed at the head of the 1299default set. 1300.Pp 1301The algorithms that contain 1302.Qq -etm 1303calculate the MAC after encryption (encrypt-then-mac). 1304These are considered safer and their use recommended. 1305.Pp 1306The default is: 1307.Bd -literal -offset indent 1308umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1309hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1310hmac-sha1-etm@openssh.com, 1311umac-64@openssh.com,umac-128@openssh.com, 1312hmac-sha2-256,hmac-sha2-512,hmac-sha1 1313.Ed 1314.Pp 1315The list of available MAC algorithms may also be obtained using 1316.Qq ssh -Q mac . 1317.It Cm NoHostAuthenticationForLocalhost 1318Disable host authentication for localhost (loopback addresses). 1319The argument to this keyword must be 1320.Cm yes 1321or 1322.Cm no 1323(the default). 1324.It Cm NumberOfPasswordPrompts 1325Specifies the number of password prompts before giving up. 1326The argument to this keyword must be an integer. 1327The default is 3. 1328.It Cm PasswordAuthentication 1329Specifies whether to use password authentication. 1330The argument to this keyword must be 1331.Cm yes 1332(the default) 1333or 1334.Cm no . 1335.It Cm PermitLocalCommand 1336Allow local command execution via the 1337.Ic LocalCommand 1338option or using the 1339.Ic !\& Ns Ar command 1340escape sequence in 1341.Xr ssh 1 . 1342The argument must be 1343.Cm yes 1344or 1345.Cm no 1346(the default). 1347.It Cm PermitRemoteOpen 1348Specifies the destinations to which remote TCP port forwarding is permitted when 1349.Cm RemoteForward 1350is used as a SOCKS proxy. 1351The forwarding specification must be one of the following forms: 1352.Pp 1353.Bl -item -offset indent -compact 1354.It 1355.Cm PermitRemoteOpen 1356.Sm off 1357.Ar host : port 1358.Sm on 1359.It 1360.Cm PermitRemoteOpen 1361.Sm off 1362.Ar IPv4_addr : port 1363.Sm on 1364.It 1365.Cm PermitRemoteOpen 1366.Sm off 1367.Ar \&[ IPv6_addr \&] : port 1368.Sm on 1369.El 1370.Pp 1371Multiple forwards may be specified by separating them with whitespace. 1372An argument of 1373.Cm any 1374can be used to remove all restrictions and permit any forwarding requests. 1375An argument of 1376.Cm none 1377can be used to prohibit all forwarding requests. 1378The wildcard 1379.Sq * 1380can be used for host or port to allow all hosts or ports respectively. 1381Otherwise, no pattern matching or address lookups are performed on supplied 1382names. 1383.It Cm PKCS11Provider 1384Specifies which PKCS#11 provider to use or 1385.Cm none 1386to indicate that no provider should be used (the default). 1387The argument to this keyword is a path to the PKCS#11 shared library 1388.Xr ssh 1 1389should use to communicate with a PKCS#11 token providing keys for user 1390authentication. 1391.It Cm Port 1392Specifies the port number to connect on the remote host. 1393The default is 22. 1394.It Cm PreferredAuthentications 1395Specifies the order in which the client should try authentication methods. 1396This allows a client to prefer one method (e.g.\& 1397.Cm keyboard-interactive ) 1398over another method (e.g.\& 1399.Cm password ) . 1400The default is: 1401.Bd -literal -offset indent 1402gssapi-with-mic,hostbased,publickey, 1403keyboard-interactive,password 1404.Ed 1405.It Cm ProxyCommand 1406Specifies the command to use to connect to the server. 1407The command 1408string extends to the end of the line, and is executed 1409using the user's shell 1410.Ql exec 1411directive to avoid a lingering shell process. 1412.Pp 1413Arguments to 1414.Cm ProxyCommand 1415accept the tokens described in the 1416.Sx TOKENS 1417section. 1418The command can be basically anything, 1419and should read from its standard input and write to its standard output. 1420It should eventually connect an 1421.Xr sshd 8 1422server running on some machine, or execute 1423.Ic sshd -i 1424somewhere. 1425Host key management will be done using the 1426.Cm Hostname 1427of the host being connected (defaulting to the name typed by the user). 1428Setting the command to 1429.Cm none 1430disables this option entirely. 1431Note that 1432.Cm CheckHostIP 1433is not available for connects with a proxy command. 1434.Pp 1435This directive is useful in conjunction with 1436.Xr nc 1 1437and its proxy support. 1438For example, the following directive would connect via an HTTP proxy at 1439192.0.2.0: 1440.Bd -literal -offset 3n 1441ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 1442.Ed 1443.It Cm ProxyJump 1444Specifies one or more jump proxies as either 1445.Xo 1446.Sm off 1447.Op Ar user No @ 1448.Ar host 1449.Op : Ns Ar port 1450.Sm on 1451or an ssh URI 1452.Xc . 1453Multiple proxies may be separated by comma characters and will be visited 1454sequentially. 1455Setting this option will cause 1456.Xr ssh 1 1457to connect to the target host by first making a 1458.Xr ssh 1 1459connection to the specified 1460.Cm ProxyJump 1461host and then establishing a 1462TCP forwarding to the ultimate target from there. 1463Setting the host to 1464.Cm none 1465disables this option entirely. 1466.Pp 1467Note that this option will compete with the 1468.Cm ProxyCommand 1469option - whichever is specified first will prevent later instances of the 1470other from taking effect. 1471.Pp 1472Note also that the configuration for the destination host (either supplied 1473via the command-line or the configuration file) is not generally applied 1474to jump hosts. 1475.Pa ~/.ssh/config 1476should be used if specific configuration is required for jump hosts. 1477.It Cm ProxyUseFdpass 1478Specifies that 1479.Cm ProxyCommand 1480will pass a connected file descriptor back to 1481.Xr ssh 1 1482instead of continuing to execute and pass data. 1483The default is 1484.Cm no . 1485.It Cm PubkeyAcceptedAlgorithms 1486Specifies the signature algorithms that will be used for public key 1487authentication as a comma-separated list of patterns. 1488If the specified list begins with a 1489.Sq + 1490character, then the algorithms after it will be appended to the default 1491instead of replacing it. 1492If the specified list begins with a 1493.Sq - 1494character, then the specified algorithms (including wildcards) will be removed 1495from the default set instead of replacing them. 1496If the specified list begins with a 1497.Sq ^ 1498character, then the specified algorithms will be placed at the head of the 1499default set. 1500The default for this option is: 1501.Bd -literal -offset 3n 1502ssh-ed25519-cert-v01@openssh.com, 1503ecdsa-sha2-nistp256-cert-v01@openssh.com, 1504ecdsa-sha2-nistp384-cert-v01@openssh.com, 1505ecdsa-sha2-nistp521-cert-v01@openssh.com, 1506sk-ssh-ed25519-cert-v01@openssh.com, 1507sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, 1508rsa-sha2-512-cert-v01@openssh.com, 1509rsa-sha2-256-cert-v01@openssh.com, 1510ssh-ed25519, 1511ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1512sk-ssh-ed25519@openssh.com, 1513sk-ecdsa-sha2-nistp256@openssh.com, 1514rsa-sha2-512,rsa-sha2-256 1515.Ed 1516.Pp 1517The list of available signature algorithms may also be obtained using 1518.Qq ssh -Q PubkeyAcceptedAlgorithms . 1519.It Cm PubkeyAuthentication 1520Specifies whether to try public key authentication. 1521The argument to this keyword must be 1522.Cm yes 1523(the default) 1524or 1525.Cm no . 1526.It Cm RekeyLimit 1527Specifies the maximum amount of data that may be transmitted before the 1528session key is renegotiated, optionally followed by a maximum amount of 1529time that may pass before the session key is renegotiated. 1530The first argument is specified in bytes and may have a suffix of 1531.Sq K , 1532.Sq M , 1533or 1534.Sq G 1535to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1536The default is between 1537.Sq 1G 1538and 1539.Sq 4G , 1540depending on the cipher. 1541The optional second value is specified in seconds and may use any of the 1542units documented in the TIME FORMATS section of 1543.Xr sshd_config 5 . 1544The default value for 1545.Cm RekeyLimit 1546is 1547.Cm default none , 1548which means that rekeying is performed after the cipher's default amount 1549of data has been sent or received and no time based rekeying is done. 1550.It Cm RemoteCommand 1551Specifies a command to execute on the remote machine after successfully 1552connecting to the server. 1553The command string extends to the end of the line, and is executed with 1554the user's shell. 1555Arguments to 1556.Cm RemoteCommand 1557accept the tokens described in the 1558.Sx TOKENS 1559section. 1560.It Cm RemoteForward 1561Specifies that a TCP port on the remote machine be forwarded over 1562the secure channel. 1563The remote port may either be forwarded to a specified host and port 1564from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote 1565client to connect to arbitrary destinations from the local machine. 1566The first argument is the listening specification and may be 1567.Sm off 1568.Oo Ar bind_address : Oc Ar port 1569.Sm on 1570or, if the remote host supports it, a Unix domain socket path. 1571If forwarding to a specific destination then the second argument must be 1572.Ar host : Ns Ar hostport 1573or a Unix domain socket path, 1574otherwise if no destination argument is specified then the remote forwarding 1575will be established as a SOCKS proxy. 1576When acting as a SOCKS proxy the destination of the connection can be 1577restricted by 1578.Cm PermitRemoteOpen . 1579.Pp 1580IPv6 addresses can be specified by enclosing addresses in square brackets. 1581Multiple forwardings may be specified, and additional 1582forwardings can be given on the command line. 1583Privileged ports can be forwarded only when 1584logging in as root on the remote machine. 1585Unix domain socket paths may use the tokens described in the 1586.Sx TOKENS 1587section and environment variables as described in the 1588.Sx ENVIRONMENT VARIABLES 1589section. 1590.Pp 1591If the 1592.Ar port 1593argument is 0, 1594the listen port will be dynamically allocated on the server and reported 1595to the client at run time. 1596.Pp 1597If the 1598.Ar bind_address 1599is not specified, the default is to only bind to loopback addresses. 1600If the 1601.Ar bind_address 1602is 1603.Ql * 1604or an empty string, then the forwarding is requested to listen on all 1605interfaces. 1606Specifying a remote 1607.Ar bind_address 1608will only succeed if the server's 1609.Cm GatewayPorts 1610option is enabled (see 1611.Xr sshd_config 5 ) . 1612.It Cm RequestTTY 1613Specifies whether to request a pseudo-tty for the session. 1614The argument may be one of: 1615.Cm no 1616(never request a TTY), 1617.Cm yes 1618(always request a TTY when standard input is a TTY), 1619.Cm force 1620(always request a TTY) or 1621.Cm auto 1622(request a TTY when opening a login session). 1623This option mirrors the 1624.Fl t 1625and 1626.Fl T 1627flags for 1628.Xr ssh 1 . 1629.It Cm RevokedHostKeys 1630Specifies revoked host public keys. 1631Keys listed in this file will be refused for host authentication. 1632Note that if this file does not exist or is not readable, 1633then host authentication will be refused for all hosts. 1634Keys may be specified as a text file, listing one public key per line, or as 1635an OpenSSH Key Revocation List (KRL) as generated by 1636.Xr ssh-keygen 1 . 1637For more information on KRLs, see the KEY REVOCATION LISTS section in 1638.Xr ssh-keygen 1 . 1639.It Cm SecurityKeyProvider 1640Specifies a path to a library that will be used when loading any 1641FIDO authenticator-hosted keys, overriding the default of using 1642the built-in USB HID support. 1643.Pp 1644If the specified value begins with a 1645.Sq $ 1646character, then it will be treated as an environment variable containing 1647the path to the library. 1648.It Cm SendEnv 1649Specifies what variables from the local 1650.Xr environ 7 1651should be sent to the server. 1652The server must also support it, and the server must be configured to 1653accept these environment variables. 1654Note that the 1655.Ev TERM 1656environment variable is always sent whenever a 1657pseudo-terminal is requested as it is required by the protocol. 1658Refer to 1659.Cm AcceptEnv 1660in 1661.Xr sshd_config 5 1662for how to configure the server. 1663Variables are specified by name, which may contain wildcard characters. 1664Multiple environment variables may be separated by whitespace or spread 1665across multiple 1666.Cm SendEnv 1667directives. 1668.Pp 1669See 1670.Sx PATTERNS 1671for more information on patterns. 1672.Pp 1673It is possible to clear previously set 1674.Cm SendEnv 1675variable names by prefixing patterns with 1676.Pa - . 1677The default is not to send any environment variables. 1678.It Cm ServerAliveCountMax 1679Sets the number of server alive messages (see below) which may be 1680sent without 1681.Xr ssh 1 1682receiving any messages back from the server. 1683If this threshold is reached while server alive messages are being sent, 1684ssh will disconnect from the server, terminating the session. 1685It is important to note that the use of server alive messages is very 1686different from 1687.Cm TCPKeepAlive 1688(below). 1689The server alive messages are sent through the encrypted channel 1690and therefore will not be spoofable. 1691The TCP keepalive option enabled by 1692.Cm TCPKeepAlive 1693is spoofable. 1694The server alive mechanism is valuable when the client or 1695server depend on knowing when a connection has become unresponsive. 1696.Pp 1697The default value is 3. 1698If, for example, 1699.Cm ServerAliveInterval 1700(see below) is set to 15 and 1701.Cm ServerAliveCountMax 1702is left at the default, if the server becomes unresponsive, 1703ssh will disconnect after approximately 45 seconds. 1704.It Cm ServerAliveInterval 1705Sets a timeout interval in seconds after which if no data has been received 1706from the server, 1707.Xr ssh 1 1708will send a message through the encrypted 1709channel to request a response from the server. 1710The default 1711is 0, indicating that these messages will not be sent to the server. 1712.It Cm SessionType 1713May be used to either request invocation of a subsystem on the remote system, 1714or to prevent the execution of a remote command at all. 1715The latter is useful for just forwarding ports. 1716The argument to this keyword must be 1717.Cm none 1718(same as the 1719.Fl N 1720option), 1721.Cm subsystem 1722(same as the 1723.Fl s 1724option) or 1725.Cm default 1726(shell or command execution). 1727.It Cm SetEnv 1728Directly specify one or more environment variables and their contents to 1729be sent to the server. 1730Similarly to 1731.Cm SendEnv , 1732with the exception of the 1733.Ev TERM 1734variable, the server must be prepared to accept the environment variable. 1735.It Cm StdinNull 1736Redirects stdin from 1737.Pa /dev/null 1738(actually, prevents reading from stdin). 1739Either this or the equivalent 1740.Fl n 1741option must be used when 1742.Nm ssh 1743is run in the background. 1744The argument to this keyword must be 1745.Cm yes 1746(same as the 1747.Fl n 1748option) or 1749.Cm no 1750(the default). 1751.It Cm StreamLocalBindMask 1752Sets the octal file creation mode mask 1753.Pq umask 1754used when creating a Unix-domain socket file for local or remote 1755port forwarding. 1756This option is only used for port forwarding to a Unix-domain socket file. 1757.Pp 1758The default value is 0177, which creates a Unix-domain socket file that is 1759readable and writable only by the owner. 1760Note that not all operating systems honor the file mode on Unix-domain 1761socket files. 1762.It Cm StreamLocalBindUnlink 1763Specifies whether to remove an existing Unix-domain socket file for local 1764or remote port forwarding before creating a new one. 1765If the socket file already exists and 1766.Cm StreamLocalBindUnlink 1767is not enabled, 1768.Nm ssh 1769will be unable to forward the port to the Unix-domain socket file. 1770This option is only used for port forwarding to a Unix-domain socket file. 1771.Pp 1772The argument must be 1773.Cm yes 1774or 1775.Cm no 1776(the default). 1777.It Cm StrictHostKeyChecking 1778If this flag is set to 1779.Cm yes , 1780.Xr ssh 1 1781will never automatically add host keys to the 1782.Pa ~/.ssh/known_hosts 1783file, and refuses to connect to hosts whose host key has changed. 1784This provides maximum protection against man-in-the-middle (MITM) attacks, 1785though it can be annoying when the 1786.Pa /etc/ssh/ssh_known_hosts 1787file is poorly maintained or when connections to new hosts are 1788frequently made. 1789This option forces the user to manually 1790add all new hosts. 1791.Pp 1792If this flag is set to 1793.Cm accept-new 1794then ssh will automatically add new host keys to the user's 1795.Pa known_hosts 1796file, but will not permit connections to hosts with 1797changed host keys. 1798If this flag is set to 1799.Cm no 1800or 1801.Cm off , 1802ssh will automatically add new host keys to the user known hosts files 1803and allow connections to hosts with changed hostkeys to proceed, 1804subject to some restrictions. 1805If this flag is set to 1806.Cm ask 1807(the default), 1808new host keys 1809will be added to the user known host files only after the user 1810has confirmed that is what they really want to do, and 1811ssh will refuse to connect to hosts whose host key has changed. 1812The host keys of 1813known hosts will be verified automatically in all cases. 1814.It Cm SyslogFacility 1815Gives the facility code that is used when logging messages from 1816.Xr ssh 1 . 1817The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1818LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1819The default is USER. 1820.It Cm TCPKeepAlive 1821Specifies whether the system should send TCP keepalive messages to the 1822other side. 1823If they are sent, death of the connection or crash of one 1824of the machines will be properly noticed. 1825However, this means that 1826connections will die if the route is down temporarily, and some people 1827find it annoying. 1828.Pp 1829The default is 1830.Cm yes 1831(to send TCP keepalive messages), and the client will notice 1832if the network goes down or the remote host dies. 1833This is important in scripts, and many users want it too. 1834.Pp 1835To disable TCP keepalive messages, the value should be set to 1836.Cm no . 1837See also 1838.Cm ServerAliveInterval 1839for protocol-level keepalives. 1840.It Cm Tunnel 1841Request 1842.Xr tun 4 1843device forwarding between the client and the server. 1844The argument must be 1845.Cm yes , 1846.Cm point-to-point 1847(layer 3), 1848.Cm ethernet 1849(layer 2), 1850or 1851.Cm no 1852(the default). 1853Specifying 1854.Cm yes 1855requests the default tunnel mode, which is 1856.Cm point-to-point . 1857.It Cm TunnelDevice 1858Specifies the 1859.Xr tun 4 1860devices to open on the client 1861.Pq Ar local_tun 1862and the server 1863.Pq Ar remote_tun . 1864.Pp 1865The argument must be 1866.Sm off 1867.Ar local_tun Op : Ar remote_tun . 1868.Sm on 1869The devices may be specified by numerical ID or the keyword 1870.Cm any , 1871which uses the next available tunnel device. 1872If 1873.Ar remote_tun 1874is not specified, it defaults to 1875.Cm any . 1876The default is 1877.Cm any:any . 1878.It Cm UpdateHostKeys 1879Specifies whether 1880.Xr ssh 1 1881should accept notifications of additional hostkeys from the server sent 1882after authentication has completed and add them to 1883.Cm UserKnownHostsFile . 1884The argument must be 1885.Cm yes , 1886.Cm no 1887or 1888.Cm ask . 1889This option allows learning alternate hostkeys for a server 1890and supports graceful key rotation by allowing a server to send replacement 1891public keys before old ones are removed. 1892.Pp 1893Additional hostkeys are only accepted if the key used to authenticate the 1894host was already trusted or explicitly accepted by the user, the host was 1895authenticated via 1896.Cm UserKnownHostsFile 1897(i.e. not 1898.Cm GlobalKnownHostsFile ) 1899and the host was authenticated using a plain key and not a certificate. 1900.Pp 1901.Cm UpdateHostKeys 1902is enabled by default if the user has not overridden the default 1903.Cm UserKnownHostsFile 1904setting and has not enabled 1905.Cm VerifyHostKeyDNS , 1906otherwise 1907.Cm UpdateHostKeys 1908will be set to 1909.Cm no . 1910.Pp 1911If 1912.Cm UpdateHostKeys 1913is set to 1914.Cm ask , 1915then the user is asked to confirm the modifications to the known_hosts file. 1916Confirmation is currently incompatible with 1917.Cm ControlPersist , 1918and will be disabled if it is enabled. 1919.Pp 1920Presently, only 1921.Xr sshd 8 1922from OpenSSH 6.8 and greater support the 1923.Qq hostkeys@openssh.com 1924protocol extension used to inform the client of all the server's hostkeys. 1925.It Cm User 1926Specifies the user to log in as. 1927This can be useful when a different user name is used on different machines. 1928This saves the trouble of 1929having to remember to give the user name on the command line. 1930.It Cm UserKnownHostsFile 1931Specifies one or more files to use for the user 1932host key database, separated by whitespace. 1933Each filename may use tilde notation to refer to the user's home directory, 1934the tokens described in the 1935.Sx TOKENS 1936section and environment variables as described in the 1937.Sx ENVIRONMENT VARIABLES 1938section. 1939The default is 1940.Pa ~/.ssh/known_hosts , 1941.Pa ~/.ssh/known_hosts2 . 1942.It Cm VerifyHostKeyDNS 1943Specifies whether to verify the remote key using DNS and SSHFP resource 1944records. 1945If this option is set to 1946.Cm yes , 1947the client will implicitly trust keys that match a secure fingerprint 1948from DNS. 1949Insecure fingerprints will be handled as if this option was set to 1950.Cm ask . 1951If this option is set to 1952.Cm ask , 1953information on fingerprint match will be displayed, but the user will still 1954need to confirm new host keys according to the 1955.Cm StrictHostKeyChecking 1956option. 1957The default is 1958.Cm no . 1959.Pp 1960See also 1961.Sx VERIFYING HOST KEYS 1962in 1963.Xr ssh 1 . 1964.It Cm VisualHostKey 1965If this flag is set to 1966.Cm yes , 1967an ASCII art representation of the remote host key fingerprint is 1968printed in addition to the fingerprint string at login and 1969for unknown host keys. 1970If this flag is set to 1971.Cm no 1972(the default), 1973no fingerprint strings are printed at login and 1974only the fingerprint string will be printed for unknown host keys. 1975.It Cm XAuthLocation 1976Specifies the full pathname of the 1977.Xr xauth 1 1978program. 1979The default is 1980.Pa /usr/X11R6/bin/xauth . 1981.El 1982.Sh PATTERNS 1983A 1984.Em pattern 1985consists of zero or more non-whitespace characters, 1986.Sq * 1987(a wildcard that matches zero or more characters), 1988or 1989.Sq ?\& 1990(a wildcard that matches exactly one character). 1991For example, to specify a set of declarations for any host in the 1992.Qq .co.uk 1993set of domains, 1994the following pattern could be used: 1995.Pp 1996.Dl Host *.co.uk 1997.Pp 1998The following pattern 1999would match any host in the 192.168.0.[0-9] network range: 2000.Pp 2001.Dl Host 192.168.0.? 2002.Pp 2003A 2004.Em pattern-list 2005is a comma-separated list of patterns. 2006Patterns within pattern-lists may be negated 2007by preceding them with an exclamation mark 2008.Pq Sq !\& . 2009For example, 2010to allow a key to be used from anywhere within an organization 2011except from the 2012.Qq dialup 2013pool, 2014the following entry (in authorized_keys) could be used: 2015.Pp 2016.Dl from=\&"!*.dialup.example.com,*.example.com\&" 2017.Pp 2018Note that a negated match will never produce a positive result by itself. 2019For example, attempting to match 2020.Qq host3 2021against the following pattern-list will fail: 2022.Pp 2023.Dl from=\&"!host1,!host2\&" 2024.Pp 2025The solution here is to include a term that will yield a positive match, 2026such as a wildcard: 2027.Pp 2028.Dl from=\&"!host1,!host2,*\&" 2029.Sh TOKENS 2030Arguments to some keywords can make use of tokens, 2031which are expanded at runtime: 2032.Pp 2033.Bl -tag -width XXXX -offset indent -compact 2034.It %% 2035A literal 2036.Sq % . 2037.It \&%C 2038Hash of %l%h%p%r. 2039.It %d 2040Local user's home directory. 2041.It %f 2042The fingerprint of the server's host key. 2043.It %H 2044The 2045.Pa known_hosts 2046hostname or address that is being searched for. 2047.It %h 2048The remote hostname. 2049.It \%%I 2050A string describing the reason for a 2051.Cm KnownHostsCommand 2052execution: either 2053.Cm ADDRESS 2054when looking up a host by address (only when 2055.Cm CheckHostIP 2056is enabled), 2057.Cm HOSTNAME 2058when searching by hostname, or 2059.Cm ORDER 2060when preparing the host key algorithm preference list to use for the 2061destination host. 2062.It %i 2063The local user ID. 2064.It %K 2065The base64 encoded host key. 2066.It %k 2067The host key alias if specified, otherwise the original remote hostname given 2068on the command line. 2069.It %L 2070The local hostname. 2071.It %l 2072The local hostname, including the domain name. 2073.It %n 2074The original remote hostname, as given on the command line. 2075.It %p 2076The remote port. 2077.It %r 2078The remote username. 2079.It \&%T 2080The local 2081.Xr tun 4 2082or 2083.Xr tap 4 2084network interface assigned if 2085tunnel forwarding was requested, or 2086.Qq NONE 2087otherwise. 2088.It %t 2089The type of the server host key, e.g. 2090.Cm ssh-ed25519 . 2091.It %u 2092The local username. 2093.El 2094.Pp 2095.Cm CertificateFile , 2096.Cm ControlPath , 2097.Cm IdentityAgent , 2098.Cm IdentityFile , 2099.Cm KnownHostsCommand , 2100.Cm LocalForward , 2101.Cm Match exec , 2102.Cm RemoteCommand , 2103.Cm RemoteForward , 2104and 2105.Cm UserKnownHostsFile 2106accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u. 2107.Pp 2108.Cm KnownHostsCommand 2109additionally accepts the tokens %f, %H, %I, %K and %t. 2110.Pp 2111.Cm Hostname 2112accepts the tokens %% and %h. 2113.Pp 2114.Cm LocalCommand 2115accepts all tokens. 2116.Pp 2117.Cm ProxyCommand 2118accepts the tokens %%, %h, %n, %p, and %r. 2119.Sh ENVIRONMENT VARIABLES 2120Arguments to some keywords can be expanded at runtime from environment 2121variables on the client by enclosing them in 2122.Ic ${} , 2123for example 2124.Ic ${HOME}/.ssh 2125would refer to the user's .ssh directory. 2126If a specified environment variable does not exist then an error will be 2127returned and the setting for that keyword will be ignored. 2128.Pp 2129The keywords 2130.Cm CertificateFile , 2131.Cm ControlPath , 2132.Cm IdentityAgent , 2133.Cm IdentityFile , 2134.Cm KnownHostsCommand , 2135and 2136.Cm UserKnownHostsFile 2137support environment variables. 2138The keywords 2139.Cm LocalForward 2140and 2141.Cm RemoteForward 2142support environment variables only for Unix domain socket paths. 2143.Sh FILES 2144.Bl -tag -width Ds 2145.It Pa ~/.ssh/config 2146This is the per-user configuration file. 2147The format of this file is described above. 2148This file is used by the SSH client. 2149Because of the potential for abuse, this file must have strict permissions: 2150read/write for the user, and not writable by others. 2151.It Pa /etc/ssh/ssh_config 2152Systemwide configuration file. 2153This file provides defaults for those 2154values that are not specified in the user's configuration file, and 2155for those users who do not have a configuration file. 2156This file must be world-readable. 2157.El 2158.Sh SEE ALSO 2159.Xr ssh 1 2160.Sh AUTHORS 2161.An -nosplit 2162OpenSSH is a derivative of the original and free 2163ssh 1.2.12 release by 2164.An Tatu Ylonen . 2165.An Aaron Campbell , Bob Beck , Markus Friedl , 2166.An Niels Provos , Theo de Raadt 2167and 2168.An Dug Song 2169removed many bugs, re-added newer features and 2170created OpenSSH. 2171.An Markus Friedl 2172contributed the support for SSH protocol versions 1.5 and 2.0. 2173